Download the Comment Letter [PDF]

James P. Sheesley, Assistant Executive Secretary
Attention: Comments/Legal OES 
Federal Deposit Insurance Corporation
550 17th Street NW 
Washington, DC 20429
RIN 3064-AF94 

Re: Guidelines Establishing Standards for Corporate Governance and Risk Management for Covered Institutions with Total Consolidated Assets of $10 Billion or More 

Dear Sir or Madam, 

The Conference of State Bank Supervisors (“CSBS”)¹ provides the following comments on the Notice of Proposed Rulemaking entitled “Guidelines Establishing Standards for Corporate Governance and Risk Management for Covered Institutions with Total Consolidated Assets of $10 Billion or More”² (“proposal,” “proposed guidelines,” or “Governance Proposal”) issued by the Federal Deposit Insurance Corporation (“FDIC” or “the agency”). The proposed guidelines would apply to all insured state nonmember banks, state-licensed insured branches of foreign banks, and insured state savings associations (collectively, “state nonmember banks” or “covered banks”) subject to Section 39 of the Federal Deposit Insurance Act (“FDI Act”) with total consolidated assets of $10 billion or more. 

As the chartering authority and primary regulator of covered banks subject to the proposal, state regulators have an obvious and critical stake in the safety and soundness of these institutions, and the necessity for, and merit of, the proposal’s requirements. As of Sept. 30, 2023, there were over 2,900 state nonmember banks, i.e., banks supervised by both state regulators and the FDIC. A subset of those, nearly 60, would be explicitly subject to the proposal. The FDIC also reserves the prerogative to impose the guidelines on any state nonmember bank it deems “highly complex” or of “heightened risk.” 

State regulators promote safety and soundness and support strong corporate governance and risk management practices. Indeed, state law is the traditional foundation for corporate governance and fiduciary standards for all businesses, including banks, licensed or chartered in a state. With little to no data or factual support and no clear authority for doing so, the Governance Proposal would set aside state laws and precedent for covered banks. Without a clearly defined problem, the proposal would also create confusing and conflicting mandates at the federal and state level. 

The proposal’s deficiencies are fundamental and numerous. Given these fatal flaws, it should be withdrawn in its entirety. 

Executive Summary 

The proposed guidelines ignore, and create avoidable conflicts with, state law, the foundational source of corporate governance models, standards, and requirements. 

The FDIC’s proposed federal stakeholder standard would cause unnecessary conflicts with existing state fiduciary standards, which for over 100 years have made clear that directors owe a fiduciary duty to the corporation and its shareholders. In contravention of the business judgment rule, the proposal would establish a new federal corporate governance standard that requires a bank’s board to consider the interests of an impossibly broad list of “stakeholders.” These new stakeholder duties would undermine the ability of directors to meet their primary obligations to the bank and its shareholders. 

The courts have consistently held that clear Congressional intent or directive is needed to override state corporate law. Despite the FDIC’s attempt to redefine corporate governance standards in the proposed guidelines, Congress has not provided the agency with the requisite authority in Section 39 of the FDI Act to expand the constituencies to whom a board owes a legal obligation. 

The proposed guidelines introduce new director duties that undermine robust, independent governance and inappropriately task directors with responsibilities that traditionally fall to management, blurring the distinctions between policy setting and oversight, on the one hand, and day-to-day operations, on the other. 

Well-established corporate governance principles dictate a critical distinction between a board’s oversight role and management’s day-to-day operation of the bank. Unfortunately, the proposal rejects this distinction, requiring directors to carry out a litany of tasks that are appropriately delegated to management under every other corporate governance framework. 

The proposal would create a checklist approach to corporate governance and risk management, which would inevitably lead to a “check-the-box” examination process. Such an approach is inconsistent with sound risk management, as banks and bank examiners should focus on core safety and soundness risks. 

The proposed guidelines create new board composition requirements that would lead to unnecessary complexities for directors of banks and their holding companies. 

Under the proposal, the board of a covered bank would need to have a majority of outside and independent directors. This new requirement would upend the current composition of many covered banks’ boards of directors, but it is not based on any existing law, regulation, or adequately justified rationale. 

The FDIC’s proposed independence requirements also create needless complications and disruptions for covered banks whose holding company and subsidiary bank share overlapping boards, a common practice among banking organizations. For publicly traded institutions, the proposed board independence requirements would contradict the independence standards established by the national securities exchanges. 

The proposed guidelines veer sharply from the requirements applicable to similar institutions with different regulators. 

The proposed guidelines would apply only to state-chartered banks supervised by state regulators and the FDIC (“state nonmember banks”), but not to state-chartered banks supervised by state regulators and the Federal Reserve Board (“FRB”) (“state member banks”), or national banks supervised by the Office of the Comptroller of the Currency (“OCC”). No policy argument has been proffered as to why one group of banks should have a dramatically different set of corporate governance and risk management requirements than others. 

The proposed guidelines also have the perverse effect of imposing the most onerous corporate governance and risk management requirements on the relatively smallest banks. The FDIC’s overly prescriptive standards would explicitly apply to state nonmembers banks with $10 billion or more in assets. By contrast, the OCC’s principles-based heightened corporate governance and risk management standards apply to national banks with $50 billion or more in assets, and the FRB’s enhanced prudential standards apply to bank holding companies (“BHC”) with $100 billion or more in assets. The FDIC could also impose the enforceable guidelines on any bank that it deems as “highly complex” or that presents a “heightened risk.” The FDIC fails to justify why smaller state nonmember banks should be subject to more onerous standards than larger state member banks and national banks. 

The proposed guidelines’ impact on receivership proceedings was not discussed and, therefore, the enumerated obligations cannot be used against directors of failed banks. 

When the FDIC serves as a receiver for failed banks, it may seek to recover from directors for violations of duties owed to the institutions. This receivership role is critical and may involve recovery from directors who violated their duties under state law. However, the Governance Proposal inappropriately seeks to impose additional obligations than currently applicable under state law. In so doing, the proposal also would usurp the business judgment rule. The imposition of these additional obligations in receivership proceedings, combined with the attempted revocation of the business judgement rule, would be inconsistent with prior judicial precedent. Any court confronted with such an argument should reject the extension of the Governance Proposal to FDIC receivership proceedings. 

Specific Concerns with the Proposal 

The proposed guidelines ignore, and create avoidable conflicts with, state law, the foundational source of corporate governance models, standards, and requirements. 

Central to state regulators’ concerns is the manner in which the guidelines ignore, and create avoidable conflicts with, state law. Corporate governance models, standards, and requirements are the province of state law. Corporate formation itself is a matter of state law.³ The state nonmember banks covered under the proposal all owe their corporate existence to the states in which they are chartered, and these same banks are subject to well-established corporate governance frameworks that have developed over time through the evolution of law and judicial precedent of the states in which they are incorporated.⁴ The FDIC’s proposed guidelines make virtually no mention of these existing, robust state corporate governance laws or standards, and in so doing, ignore a material fact that negates the need for this proposal. 

The FDIC also ignores Congress’s longstanding deference to states on matters of corporate governance. Congress has not sought to establish detailed federal corporate governance standards for private enterprises, nor for banks specifically. Indeed, banking is unique in that it is the only business sector in which a federal government agency – the OCC – charters for-profit corporations – national banks. Even in the case of national banks, the OCC’s regulations⁵ and Comptroller’s Licensing Manual⁶ look to state law in establishing corporate governance standards and requirements for these federally incorporated enterprises. 

Redefined corporate board obligations untenably expand stakeholders 

The proposed guidelines would establish, without an explicit Congressional mandate or clear agency authorization, new “stakeholder” duties for the boards of covered banks (“covered board” or “board”). Generally speaking, state laws provide that a board has a fiduciary duty to the corporation and its shareholders.⁷ Contrary to this fundamental corporate governance principle, the proposed guidelines would expand a covered board’s constituencies, requiring that a board “should consider the interests of all its stakeholders, including shareholders, depositors, creditors, customers, regulators, and the public.”⁸ This sweeping and material expansion of board obligations is so broad and amorphous as to be unworkable in practice. 

As stated by the FDIC in its Financial Institutions Letter-87-92, “[d]irectors and officers of banks have obligations to discharge duties owed to their institution and to the shareholders and creditors of their institutions, and to comply with federal and state statutes, rules and regulations.”⁹ To properly discharge these duties, directors must act in good faith and exercise a duty of loyalty and care to the bank and its shareholders.¹⁰ While consideration of other stakeholders is often beneficial for sound business judgment, it is the loyalty and care owed to the bank’s corporate entity that directors are held to, not the bank’s other constituencies. 

By creating a broader “General Obligation” that the board “should consider the interest of all its stakeholders, including shareholders, depositors, creditors, customers, regulators, and the public,” the proposal mandates consideration of constituencies well beyond bank directors’ fiduciary duties. 

Historically, these additional constituencies may be considered as a matter of business discretion, not a matter of legal obligation. When meeting the fiduciary obligation to the bank and its shareholders, directors may find it prudent, for example, to consider the interests of depositors, creditors, and customers. But these additional considerations are a matter of judgment, not a mandate. 

Troublingly, the proposal also requires consideration of the impossibly broad and undefinable interests of “the public.” For over 100 years, it has been universally understood that corporations hold no specific fiduciary obligation to the general public, and directors can be deemed to have violated their duties of care and loyalty for placing public benefit ahead of corporate benefit.¹¹ Mandating consideration of the public needlessly risks conflict with this precedent. Boards are empowered to exercise business judgment about how the interests of the public can benefit the corporation.¹² Again, this is a business judgment left to directors, not a corporate governance obligation established by law, regulation, or in the present case, enforceable guidelines.¹³ 

In addition to ignoring longstanding fiduciary duties and related standards, the proposal does not attempt to explain how this directive would avoid conflict with existing state laws related to the newly established list of constituencies, a fact noted by a member of the FDIC Board in dissenting to the proposal.¹⁴ State regulators fear that this inconsistency with corporate governance laws will create unnecessary board confusion and distracting litigation that will consume the attention and time of board members and senior management at the expense of focusing on core safety and soundness matters. Directors should be focused on their business, not how to deconflict state law and confusing federal guidelines. 

Redefined corporate board obligations ignore the basic framework of the business judgment rule 

The business judgment rule is a hallmark of United States corporate law. Under the doctrine, courts will not question a business decision unless the directors in question were operating outside the scope of their fiduciary duties to the corporation. As outlined by the Court of Chancery of Delaware, the business judgment rule ensures courts do not substitute a business judgment with their own: 

What should be understood, but may not widely be understood by courts or commentators who are not often required to face such questions, is that compliance with a director’s duty of care can never appropriately be judicially determined by reference to the content of the board decision that leads to a corporate loss, apart from consideration of the good faith or rationality of the process employed. That is, whether a judge or jury considering the matter after the fact, believes a decision substantively wrong, or degrees of wrong extending through “stupid” to “egregious” or “irrational”, provides no ground for director liability, so long as the court determines that the process employed was either rational or employed in a good faith effort to advance corporate interests.¹⁵ 

The business judgment rule looks to a board’s process. If the process is flawed in a manner that shows fiduciary duties were not discharged, then shareholders may be in a position to recover for damages for failure to exercise fiduciary duties. As noted above, whether the public and other external stakeholders are considered is a business decision to be made by directors subject to fiduciary duties. The business judgment rule protects directors from liability related to those decisions so long as the fiduciary duties were met. By mandating consideration of external stakeholders, the proposal would obligate directors to extend their duty of care to non-shareholder constituencies, opening the door to litigation and inappropriately minimizing the scope of the business judgment rule. 

FDIC lacks statutory authority to establish the new stakeholder standards 

The FDIC has issued the proposal as enforceable guidelines under Section 39 of the FDI Act,¹⁶ which directs the federal banking agencies to prescribe safety and soundness standards for insured depository institutions. However, there is no clear nexus between safety and soundness and the vastly expanded board duties that are proposed in the guidelines. Fundamentally, Congress has not provided the agency with the requisite authority to promulgate rules and standards regarding to whom the board owes a legal duty (i.e., stakeholder duties vs. state fiduciary duties). The FDIC’s foray into redefining corporate duties and constituencies has potentially vast economic and political significance, presents a major question of public policy, and cannot be done absent a clear Congressional mandate. Additionally, the courts have been reluctant to federalize or override state corporate law without clear Congressional intent or directive.¹⁷ The FDIC has no such authority to subvert wide swaths of established state principles of board responsibilities. 

The proposed guidelines introduce new director duties that undermine robust, independent governance and inappropriately task directors with responsibilities that traditionally fall to management, blurring the distinctions between policy setting and oversight, on the one hand, and day-to-day operations, on the other. 

Well-established corporate governance laws, standards, and principles, both within and outside of the banking industry, recognize and promote the critical distinctions between a board’s oversight role and management’s day-to-day operation of the enterprise. However, the proposed guidelines fundamentally alter these requirements, in a manner that creates confusion between bank director and bank management roles and responsibilities. 

In several guides, the FDIC has clearly articulated the board’s responsibility to oversee and monitor a bank’s business objectives, operations, and business performance.¹⁸ Likewise, the FRB states that the board “should delegate the day-to-day routine of conducting the bank’s business to its officers and employees.”¹⁹ The OCC similarly emphasizes that it is the responsibility of bank directors to oversee the bank, with one of their most critical functions being the selection, retention, and oversight of effective management who is “able to direct day-to-day operations to achieve the bank’s strategic goals and objectives while operating within the risk appetite.”²⁰ The OCC further expounds on the role of board directors in its Comptroller’s Handbook – Safety and Soundness, Corporate and Risk Governance: “The board’s role in the governance of a bank is clearly distinct from management’s role. The board is responsible for overall direction and oversight of the bank—but is not responsible for managing the bank day-to-day.”²¹ 

The proposal departs from these well-established board and management roles and responsibilities as detailed below. This will have the perverse effect of undermining effective corporate governance and risk management at covered banks. 

Confuses bank director and bank management roles and responsibilities 

As recognized by all the federal banking agencies – including the FDIC – and state regulators, the distinction between director roles and officer roles is foundational to strong, effective, and independent board oversight. Unfortunately, the proposed guidelines are so granular and prescriptive that they result in blurring these distinct roles and inappropriately task the board with roles and responsibilities that should be the purview of bank management. By doing so, the proposal threatens board independence, degrades effective risk management, and affects a board’s ability to provide credible challenge to management’s recommendations and decisions. 

Under the proposed guidelines, covered boards would be responsible for establishing and approving a litany of policies and processes²² that fall within the traditional domain of senior management. Rather than reviewing and overseeing the significant, overarching policies that set the bank’s strategic direction and address critical safety and soundness matters, covered boards would be distracted with establishing and approving business level and/or operational policies that are best and typically delegated to officers of the bank. 

As an example, the proposed guidelines require a board to adopt and review (at least annually, or when any change is made) a bank’s “risk management program,” which must include “policies and procedures,” “processes and systems,” and “policies, procedures and processes,” with granular, prescriptive requirements for all of the above.²³ The guidelines include directives for the board to establish highly detailed “processes” that the front line and independent risk management units are to follow.²⁴ Given that the proposed guidelines make boards responsible for approving processes and “establishing and approving the policies that govern and guide the operations of the covered institution,” the board presumably would be required to approve the highly detailed, operational policies that are part of the risk management program.²⁵ Conversely, the proposed guidelines include numerous references to management or business units establishing “policies,”²⁶ seemingly in contradiction to the guidelines’ own requirement that the board bear this responsibility.²⁷ At best, these detailed mandates are confusing and internally inconsistent. At worst, they are an unclear unraveling of accepted board and management roles. State regulators are concerned that these granular and inconsistent dictates will inundate covered boards with procedures and processes traditionally and better left to bank officers accountable to the board, distracting board members from their core safety and soundness-focused oversight responsibilities. 

Granular and frequent reviews and results-oriented requirements distract from long- term, strategic board oversight 

Under the proposed guidelines, covered boards would be required to review and approve a bank’s risk profile and risk appetite statement at least quarterly or even more frequently as needed based on the size and volatility of risks and any material changes in the bank’s business model, strategy, risk profile, or market conditions.²⁸ The proposed requirement, which would also require a bank to notify the FDIC in writing of a breach of a risk limit or noncompliance with the risk appetite statement or risk management program,²⁹ imposes considerably more extensive obligations on covered boards than state member banks and national banks. 

In contrast, the OCC’s heightened standards only require boards to review and approve the risk appetite statement annually (or more frequently as necessary based on the size and volatility of risks faced by a bank),³⁰ while the FRB’s enhanced prudential standards simply say, “an effective board oversees the development of, reviews, approves, and periodically monitors the firm’s strategy and risk appetite.”³¹ 

Additionally, the proposed guidelines repeatedly call on directors to “confirm” or “ensure” a bank’s actions, as opposed to the more typical expectation that a board “oversee” management and hold management accountable. The use of “ensure” and similar terms inappropriately heightens the duties, expectations, and standards imposed on directors, and stands in stark contrast to existing state corporate governance laws and generally accepted governance principles that reject results-oriented outcomes. 

Prescriptive rules-based requirements promote “check-the-box” risk management and supervision

The proposed guidelines emphasize form over substance and lean toward a prescriptive rules-based approach to corporate governance, as opposed to the principles-based approach prevalent under state law and accepted by the FRB and OCC. State regulators believe this will lead to boards becoming more focused on a “check-the-box” exercise to avoid receiving an FDIC safety and soundness order, rather than engaging in robust, dynamic governance focused on the most significant safety and soundness risks. 

The proposed granular guidelines will also effectively change the examination process and priorities for FDIC examiners, encouraging these examiners to focus on a more rules-based, “checklist” approach instead of focusing on a bank’s core condition and key safety and soundness risks. This runs directly counter to one of the primary lessons learned from the 2023 spring bank failures: banks and bank examiners should focus more on core safety and soundness risks and less on unrelated business processes. 

New requirements increase liability for directors and recruiting challenges for banks 

Boards have historically been tasked with governing and overseeing, but not directly managing the bank, under well-established principles the proposed guidelines reject. By expanding the board’s responsibilities through granular requirements, the proposal will almost certainly increase directors’ personal liability beyond the already considerable exposures faced under existing law and regulation.³² State regulators are concerned that the specter of even greater potential personal liability will have a material chilling effect on the ability of covered banks to recruit and retain qualified directors. 

The proposed guidelines create new board composition requirements that would lead to unnecessary complexities for directors of banks and their holding companies. 

The proposed guidelines would require covered boards to have a majority of outside and independent directors, with new requirements concerning when independent directors of the bank’s holding company board would qualify as independent directors of the subsidiary bank’s board. The FDIC has failed to establish the necessary foundation to support the proposed “independence” requirements related to board composition. The proposed requirement: 

• is uncertain and vague, 
• potentially upends existing board composition practices without a documented rationale or factual predicate, 
• introduces potential inconsistency or conflict with existing FRB bank holding company (“BHC”) regulations,³³ 
• introduces potential inconsistency or conflict with existing securities exchange rules exempting controlled companies from independence requirements,³⁴ and 
• results in inconsistent standards for state nonmember banks compared to state member and national banks.³⁵ 

In sum, these “independence” requirements are unjustified and problematic.³⁶ 

New board composition requirements – majority outside and independent directors 

With no justification, the proposal’s board membership restrictions and requirements will fundamentally alter the current structure of impacted boards. The clearest example is that a covered bank’s board would need to have a majority of outside and independent directors. However, this requirement is not found in the FDI Act nor any other federal banking law. 

Fundamentally, these new and novel “independence” requirements pertaining to a bank’s board and its parent company go beyond existing standards in the FDIC’s own audit regulations,³⁷ and exceed those of the other federal banking agencies. The FDIC would impose these novel requirements on a subset of state nonmember banks, with the result that these banks would be subject to a different and significant set of board eligibility requirements not imposed on state member banks or national banks. 

New board composition requirements – impact on bank holding companies 

Under the proposal, for a director of the BHC to count as an independent director of the bank, the holding company must “conduct limited or no additional business operations outside of the institution…”³⁸ The proposal is unclear in that it fails to specify what the FDIC considers to be “limited” or “no additional” activity, or how that determination would impact who is considered an “independent director.” The proposal also fails to identify, let alone document, the problem this prophylactic and broad standard is intended to solve. 

Virtually all the covered banks subject to the proposal have a holding company structure and, in state regulators’ experience, are likely to have overlapping membership of their holding company board and subsidiary bank board. In our collective experience as supervisors, this is a common practice throughout the country and not one that is problematic. On the contrary, we believe that such structure has significant benefits. Common membership can, among other things, enable parent–subsidiary communication and transparency, risk and strategy alignment, and appropriate escalation. 

In addition, BHCs are not regulated by the FDIC, but instead, subject to supervision and extensive regulation by the FRB under the Bank Holding Company Act of 1956³⁹ and related regulations.⁴⁰ State regulators are not aware of any FRB rule or regulation that places limits on independent BHC board members also serving on the board of an FDIC-insured depository subsidiary, or vice versa. At a minimum, and dependent on the FDIC adequately supporting a compelling safety and soundness basis for its intended BHC/bank director limitations, any potential regulatory restrictions involving BHC and subsidiary-insured depository board members should be developed on a joint basis with the FRB, rather than being implemented unilaterally by the FDIC. 

New board composition requirements – impact on publicly listed companies 

Many BHCs are publicly traded firms, subject to federal securities regulations administered by the U.S. Securities and Exchange Commission (“SEC”). Moreover, such BHCs are subject to board member “independence” requirements under applicable exchange rules. The FDIC’s proposed “independence” requirements would conflict with standards established by national securities exchanges. Specifically, and in contrast to the proposed guidelines, the national securities exchanges provide “controlled companies” (e.g., bank subsidiaries) with exemptions from their independence rules.⁴¹ 

The proposed guidelines impose significantly different requirements on state nonmember banks compared to similarly sized state member banks and national banks, without a clear foundation, and in conflict with the generally accepted principle of similar regulation for similar institutions. 

The proposed guidelines create an unlevel playing field between state nonmember banks, on the one hand, and state member and national banks, on the other. 

Different regulatory requirements for, and treatment of, similarly situated banks 

As the chartering authority of state banks, state regulators, along with the FDIC and FRB, will be examining state member and nonmember banks subject to different rules and requirements on the same topics. This result—similarly sized insured depository institutions engaged in similar businesses facing materially different governance and risk management standards—conflicts with the accepted principle of similar regulation for similar risks at similar institutions. 

Scope of application / reservation of authority 

If adopted, along with establishing more prescriptive corporate governance standards than the OCC or FRB, the FDIC’s proposed guidelines would be applied beginning at a substantially lower threshold for state nonmember banks – $10 billion in total consolidated assets⁴² – than the OCC’s heightened standards for large national banks – $50 billion⁴³ – and the FRB’s enhanced prudential standards for BHCs – $100 billion.⁴⁴ The FDIC’s lower threshold is being proposed without a clear and compelling basis, is arbitrary, and conflicts with Congressional directives related to tailoring.⁴⁵ 

Importantly, Congress originally directed the FRB to establish enhanced prudential standards (“EPS”) for BHCs with $50 billion or more in assets under Section 165 of the Dodd-Frank Act.⁴⁶ The OCC’s heightened standards were developed with this Congressionally established $50 billion asset threshold in view, and they were finalized after coordination with the FRB to limit inconsistencies and conflicts between EPS applicable to national bank holding companies and heightened standards applicable to national banks.⁴⁷ The Economic Growth, Regulatory Relief, and Consumer Protection Act subsequently revised the asset threshold for BHCs subject to EPS to $100 billion in total assets, as well as the Risk Committee requirements from $10 billion to $50 billion.⁴⁸ In stark contrast, the proposed $10 billion asset threshold, and the FDIC’s statements that these are “larger, more complex institutions,” are out of step with Congressional directives and other federal banking agency actions. 

To potentially make the disparate treatment of state nonmember banks even more extreme, the proposal also includes a “reservation of authority” allowing the FDIC to apply the guidelines to a state nonmember bank under the $10 billion asset threshold “if the FDIC determines such institution’s operations are highly complex or present a heightened risk that warrants the application of these [g]uidelines.”⁴⁹ Critical terms such as “highly complex” or “heightened risk” are undefined, which introduces concerns of potential future “regulation by enforcement,” the likely outcome that these requirements will “trickle down” to substantially smaller institutions, and further inconsistent treatment for institutions of similar size and complexity. 

Regulatory approaches across the three federal banking agencies include numerous examples where requirements increase with the size and complexity of a bank. However, it is not surprising that there is a dearth of examples where higher standards are applied to smaller, less complex institutions across the 

board (e.g., global systemically important banks (“G-SIBs”) versus a $10 billion nonmember bank). The state nonmember banks subject to the proposal do not present a level of complexity and a sufficiently higher risk profile to warrant compliance with more prescriptive governance standards than are applicable to their state member and national bank counterparts, including the largest and most complex G-SIBs. This lack of sufficient evidence, including data, case studies, or analysis, raises serious questions regarding the reasonableness of, and necessity for, the FDIC’s proposed divergent approach. 

The administrative record does not include discussion of the proposed guidelines’ applicability in receivership proceedings and, therefore, cannot be used in actions to recover from directors of failed banks. 

The proposed guidelines are silent on whether directors of failed banks will be liable to banks for failing to consider depositors, creditors, customers, and the public. Accordingly, the lack of an administrative record dictates that the guidelines, if finalized, cannot be cited in an action by the FDIC as a receiver trying to recover from directors. 

As a receiver of failed banks, the FDIC has repeatedly sought to bypass the business judgment rule. In 1997, the FDIC tried to assert a “federal common law” to lower the business judgment rule standard applicable to directors of failed banks.⁵⁰ The Supreme Court rejected the FDIC’s assertion of a federal common law and restated that state law, not federal common law, dictates the applicable standard of care when determining the culpability of the director of a failed bank.⁵¹ As stated by the Court: 

The Court notes that here . . . the FDIC is acting only as a receiver of a failed institution; it is not pursuing the Government’s interest as a bank insurer—an interest likely present whether the insured institution is state, or federally, chartered. The federal need here is far weaker than was present in the few and restricted instances in which this Court has created a federal common law. Thus, state law . . . provides the applicable rules for decision.⁵² 

Despite clarity from the Supreme Court, the FDIC has sought other means of avoiding the business judgment rule. In FDIC v. Beere,⁵³ the FDIC argued that Wisconsin’s business judgment rule did not apply to directors of a failed bank because: 

the [FDIC] does not just stand in the shoes of the institution, but also represents depositors, creditors, and the federal insurance fund in addition to the Bank’s shareholders and other entities. As receiver, the [FDIC] should not be restricted by a state insulating statute that is designed to limit liability in shareholder suits against active directors.⁵⁴ 

The FDIC sought to be viewed as “acting more like a trustee in bankruptcy” because “as receiver, it asserts rights on behalf of depositors, creditors and a federal insurance fund as well as the bank and its shareholders . . .”⁵⁵ The Eastern District of Wisconsin rejected the FDIC’s contention and ruled that the FDIC constitutes a “person asserting rights on behalf of the bank or its shareholders,” and is thus subject to the standards in derivative lawsuits governed by state statute and fiduciary standards subject to the business judgment rule.⁵⁶ 

In Beere, the FDIC cited 3 of the 4 constituencies the FDIC now proposes to obligate directors to consider. Given the FDIC’s history of attempting to avoid the business judgment rule, state regulators think it is important to note the administrative record is insufficient for the proposed obligations to be included in any receivership litigation. If the proposed guidelines are cited as an obligation of bank directors in an effort to usurp the business judgment rule, a reviewing court will be empowered to look beyond the administrative record and challenge the proposed guidelines based on a “showing of bad faith or improper behavior.”⁵⁷ 

Conclusion 

State regulators promote safety and soundness and support strong corporate governance and risk management practices. However, the FDIC has failed to adequately articulate a problem that would be solved by the guidelines. The proposal clearly conflicts with corporate governance laws and standards established by state law, confuses the roles and responsibilities of directors and management, introduces overly complex and unnecessary board independence requirements, and creates an unlevel playing field for certain state-chartered banks. For these reasons, the proposed guidelines are fatally flawed. The FDIC should withdraw the Governance Proposal in its entirety. 

Sincerely, 

Karen K. Lawson 

Executive Vice President, Policy & Supervision 

Endnotes

1 CSBS is the nationwide organization of state banking and financial regulators from all 50 states, the District of Columbia, and the U.S. territories. 

2 Guidelines Establishing Standards for Corporate Governance and Risk Management for Covered Institutions with Total Consolidated Assets of $10 Billion or More, 88 Fed. Reg. 70391 (October 11, 2023) (“Governance Proposal”). 

3 The Constitutional Convention of 1787 addressed the power “to grant charters of incorporation in cases where the public good may require them, and the authority of a single State may be incompetent.” James Madison, Journal of the Federal Convention (August 18, 1787) (reprinted in E.H. Scott, Journal of the Federal Convention, 549-50, Chicago, Albert, Scott & Co. (1893)). James Madison enlarged the scope of this consideration to include situations “where the interest of the U.S. might require & the legislative provisions of individual States may be incompetent.” Id. (September 14, 1787) (reprinted in Scott at 725-26). In an eight to three vote, the delegates voted against a federal corporate chartering power. In addition to believing it unnecessary, the framers thought the federal power would be too divisive for the local economic concerns of different regions, such as banks in the North and mercantile monopolies in the South. Id. 

4 The covered banks potentially subject to the proposed guidelines are subject to the state corporate governance frameworks of Alabama, Arkansas, California, Colorado, Delaware, Georgia, Hawaii, Illinois, Indiana, Massachusetts, Mississippi, Missouri, Montana, Nevada, New Jersey, New York, North Carolina, North Dakota, Oklahoma, Oregon, Pennsylvania, Puerto Rico, South Carolina, Tennessee, Texas, Utah, Virginia, Washington, and West Virginia. 

5 12 C.F.R. 7.2000. 

6 OCC, Comptroller’s Licensing Manual – Articles of Association, Charter, and Bylaw Amendments (February 2022) (“A national bank may elect to follow the corporate governance provisions of the law of any state in which the main office or any branch of the bank is located, the law of any state in which a bank’s holding company is located, the Delaware General Corporation Law, or the Model Business Corporation Act . . .”). 

7 See, e.g., N.C. Gen. Stat. § 55-8-30 (“A director shall discharge the director’s duties as a director . . . [i]n a manner the director reasonably believes to be in the best interests of the corporation.”). 

8 Governance Proposal, supra note 2, at 70404 (emphasis added). 

9 Statement Concerning the Responsibilities of Bank Directors and Officers, FDIC FIL-87-92, (December 3, 1992). 

10 See, e.g., In re Caremark Int'l, 698 A.2d 959 (Del. Ch. 1996). 

11 Dodge v. Ford Motor Co., 204 Mich. 459, 507; 170 N.W. 668 (1919) (“. . . it is not within the lawful powers of a board of directors to shape and conduct the affairs of a corporation for the merely incidental benefit of shareholders and for the primary purpose of benefiting others . . .”). 

12 See, e.g., Shlensky v. Wrigley, 95 Ill. App. 2d 173 (1968). In Wrigley, a majority shareholder was sued for his consideration of the public when making a business decision. The court held that consideration of the public can impact a business and can be a factor in making business decision. “[I]t appears to us that the effect on the surrounding neighborhood might well be considered by a director who was considering the patrons who would or would not attend the games . . .” Wrigley at 180-181. While Dodge establishes that corporations cannot be run for public benefit, Wrigley makes clear that a board may consider benefits to the public as a business decision. In either case, there is no obligation to consider the interest of the public — such consideration is a business choice. 13 Id. (“By these thoughts we do not mean to say that we have decided that the decision of the directors was a correct one. That is beyond our jurisdiction and ability. We are merely saying that the decision is one properly before directors . . .” (emphasis added)). 

13 Id. (“By these thoughts we do not mean to say that we have decided that the decision of the directors was a correct one. That is beyond our jurisdiction and ability. We are merely saying that the decision is one properly before directors . . .” (emphasis added)). 

14 Statement by Jonathan McKernan, Director, FDIC Board of Directors, on the Proposed Guidelines Establishing Standards for Corporate Governance and Risk Management (October 3, 2023) (“The proposal would provide that ‘[t]he board . . . should consider the interests of all its stakeholders, including shareholders, depositors, creditors, customers, regulators, and the public.’ For at least some banks, that seems to conflict with settled law. For example, creditors generally have only limited rights beyond those in their contracts. Under some states’ laws, a board may consider non-shareholder constituencies only if there are benefits that accrue to the shareholders. 

Other states more broadly permit boards to consider non-shareholder constituencies, but only a few states actually require consideration of other stakeholders.”). 

15 In re Caremark Int’l, supra note 10, at 967. 

16 12 U.S.C. § 1831p-1. 

17 Atherton v. FDIC, 519 U.S. 213 (1997); Santa Fe Industries, Inc. v. Green, 430 U.S. 462 (1977) (quoting Cort v. Ash, 422 U.S. 66 (1975) (“[C]orporations are creatures of state law, and investors commit their funds to corporate directors on the understanding that, except where federal law expressly requires certain responsibilities of directors with respect to stockholders, state law will govern the internal affairs of the corporation.”) (emphasis in original)); Bus. Roundtable v. SEC, 284 U.S. App. D.C. 301, 905 F.2d 406 (1990). 

18 FDIC, Pocket Guide for Directors (January 3, 2024); see also FDIC, Supervisory Insights: A Community Bank Director’s Guide to Corporate Governance: 21st Century Reflections on the FDIC Pocket Guide for Directors, Chapter II (April 12, 2023) (“[W]hile directors and officers often work hand-in-hand, their formal roles within the bank are distinct and should not be intermingled. Ultimately, the board is responsible for monitoring senior management and business operations.”). 

19 FRB, Commercial Bank Examination Manual: Management Activities and Internal Controls, Section 4000 (April 2020). 

20 OCC, Director’s Book: Role of Directors for National Banks and Federal Savings Associations (November 2020). 

21 OCC, Comptroller’s Handbook – Safety and Soundness, Corporate and Risk Governance v. 2.0 (July 2019) (emphasis added). 

22 Governance Proposal, supra note 2, at 70405. 

23 Id. at 70407. 

24 Id. at 70408. 

25 Id. at 70407. 

26 Id. at 70407-08. The proposal contemplates detailed requirements for the front-line units, an independent risk management unit, and an internal audit unit, which include establishing certain written policies and establishing procedures and processes necessary to ensure compliance with board policies, among numerous other requirements. 

27 Id. at 70405. 

28 Id. at 70407. 

29 Id. at 70408. 

30 OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches, 12 C.F.R. Part 30 app. D. 

31 FRB, Attachment SR 21-3/CA 21-1: Supervisory Guidance for Boards of Directors of Domestic Bank and Savings and Loan Holding Companies with Total Consolidated Assets of $100 Billion or More (February 26, 2021). 

32 See, e.g., 8 Del. C. § 145; 12 C.F.R. 359; FDIC FIL-47-2013. 

33 Bank Holding Companies and Change in Bank Control (Regulation Y), 12 C.F.R. Part 225. 

34 NYSE Listed Company Manual, Section 303A (July 28, 2021); NASDAQ Rules, Section 5615(c)(2).

35 OCC Guidelines, supra note 30. 

36 Governance Proposal, supra note 2, at 70395, 70404-05. The FDIC also proposes consideration of board diversity factors related to demographics, professional experience, expertise, ownership level, and more. State regulators strongly support diversity across the banking industry. However, covered banks comprise institutions with a diverse range of businesses, specialties, sizes, and geographic footprints. The proposal fails to consider how these institutions’ unique considerations factor into board composition. 

37 12 C.F.R. 363.5. 

38 Governance Proposal, supra note 2, at 70405 n.45. 

39 12 U.S.C. § 1841, et seq. 

40 See Regulation Y, supra note 33. 

41 See NYSE Listed Company Manual and NASDAQ Rules, supra note 34. 

42 Governance Proposal, supra note 2, at 70394. Notably, institutions approaching the $10 billion threshold would be expected to develop a compliance program in advance or reduce their assets below the $10 billion threshold. 

Moreover, less complex institutions whose total assets only exceed $10 billion briefly, or whose size is reduced over time, would be required to undertake extensive actions that may ultimately become unnecessary and could potentially hinder growth. 

43 OCC Guidelines, supra note 30. 

44 12 C.F.R. § 252.30. 

45 12 U.S.C. § 5365(a)(2). 

46 Dodd-Frank Wall Street Reform and Consumer Protection Act, 111 P.L. 203, § 165 (2010). 

47OCC, Final Rule, Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches; Integration of Regulations, 79 Fed. Reg. 54518, n. 55 (September 11, 2014) (“Several commenters also suggested that the OCC coordinate with the [Federal Reserve] Board to ensure that these Guidelines are consistent with the Board’s enhanced prudential standards relating to risk management that were issued under section 165 of the Dodd-Frank Act. See 12 U.S.C. 5365. The Board’s enhanced prudential standards apply to a covered bank’s holding company and commenters raised concerns that inconsistencies could create unnecessary burden. We note that OCC staff met with Board staff to discuss the relationship between these Guidelines and the Board’s section 165 rules. The independence standard for directors in the final Guidelines is an example of the OCC’s efforts to address potential inconsistencies.”). 

48 Economic Growth, Regulatory Relief, and Consumer Protection Act, 115 P.L. 174, § 401 (2018). 

49 Governance Proposal, supra note 2, at 70404. 

50 Atherton v. FDIC, supra note 17. 

51 Id. 

52 Id. at 215. 

53 FDIC v. Beere, No. 14-C-0575, 2015 U.S. Dist. LEXIS 130189 (E.D. Wis. Sep. 25, 2015). 

54 FDIC-R’s Memorandum in Opposition to Individual Defendants’ Joint Motion to Dismiss the Complaint, 6, FDIC v. Beere, No. 14-C-0575, 2015 U.S. Dist. LEXIS 130189 (E.D. Wis. Sep. 25, 2015). 

55 Beere, supra note 53, at 8. 

56 Beere, supra note 53, at 5. 

57 Department of Commerce v. New York, 139 S. Ct. 2551, 2559 (2019) (quoting Citizens to Preserve Overton Park, Inc. v. Volpe, 401 U.S. 402 (1971)).